S3 Group

A global consulting organization is looking to hire experienced Ethical Hackers.
Key Responsibilities

The Ethical Hacker will be part of the centralized and world-class Ethical Hacking Centre of Excellence (COE) focusing on the development and delivery of Ethical Hacking Services. The Ethical Hacker will be responsible for identifying vulnerabilities in our clients’ network or applications that have a potential impact on the company, providing business-oriented solutions for remediation. Also, he/she will be utilizing structured Security and Network Engagement Methodologies (NEM), working with a dedicated team of Ethical Hackers, simulating attacks on clients’ networks in a controlled and safe manner to provide a real-life snapshot of the effectiveness of their security controls.

Duties include:

• Web Application Vulnerability Testing
Utilizes a customized process to conduct Ethical Hacking assessments of web-based applications
• VPN Vulnerability Testing
Applies a three-phased approach in an attempt to discover, identify, and penetrate the VPN as well as identify weaknesses in the VPN configuration
• External Network Vulnerability Testing
Attempts to penetrate your Internet firewall infrastructures as well as surrounding network systems
• Internal Network Vulnerability Testing
Provides you with a thorough understanding of how vulnerable your internal infrastructure is to threats such as disgruntled employees, hackers who gain access to the building, and former employees with “lingering”  access
• Wireless Vulnerability Testing
Utilizes a three-phased approach to identify vulnerabilities within an 802.11 wireless network
• War Dialing
Attempts to identify unauthorized modems that enable dial-in that bypasses your firewalls and filtering routers
• Pre-sales participation and training of client staff such as performing “live hacks”

Skills Required

• Solid written and oral communication
• Technical and business writing
• Analytical interviewing
• Effective listening
• Presentation development and delivery
• Engagement Management
• Understanding of best-practice methodologies
• Business Development
• Opportunity Identification in close cooperation with the sales team
• Ability to articulate components of the company’s security consulting offering as well as associated services
• Capability of writing and delivering sales presentations and scopes of work

Specific Technical Skills

• Penetration Testing tools: Dsniff, Ethereal, Nessus, N-Stealth, Netcat, Nmap, tcpdump, WebCracker, Whisker, etc.
• Operating Systems
• Security Technology: Firewalls, IDS/IPS, VPN, PKI, etc.
• Network Protocols
• WAN expertise
• Programming skills: C, C++, Assembler, Perl
• Excellent, demonstrated experience in application penetration testing
• Very strong knowledge of Computer Forensics, Network and Web application exploitation, Ethical Hacking, Penetration Testing and tool development
• Expert level experience in bypassing firewalls, evading intrusion detection
• Extensive technical experience in Network Security products, Cryptographic suites, Firewalls
• Demonstrable experience in UNIX and Windows administration
• Solid experience in application level attacks
• Knowledge of the software development lifecycle in a large enterprise
• At least 2 years of experience in Penetration Testing

Education

• Computer Science or related technical degree from an accredited institution or equivalent work experience and practical knowledge
• CISSP and/or GIAC are preferable
• Personal Characteristics
• Self starter
• Naturally inquisitive
• Ability to inspire and motivate
• Results-oriented and able to present at senior level
• Ability to focus on priorities
• Willingness to travel is a MUST

Print this page